Text Widget

Download

11 January 2012

Spear Phishing is very common to the traditional Phishing but more targeted to a specific group. Spear Phishing is define as an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear Phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information (SearchSecurity, 2005).

A typical Spear Phishing attack is conducted by a “Phisherman” (The person performing the attack) gains detailed information about you and your organization through websites, blogs, and social networking sites.

Then the “ Phisherman” sends out a specific and personal emails asking the user or “phish” (The person the attack is being conducted on) to enter their username, password, account number, access codes, pins, to a clone website. It seems very authentic since the information will be coming in the form of a familiar site or process. From there as in a typical Phishing attack, your information is captured leaving the user vulnerable to identify theft or financial lost.

There ways of preventing being caught by a spear:
IT and help-desk personnel will never ask for password, so never give out your password for any reason.
Never reveal any personal information in an email
Look for digital signatures
Assume all unsolicited requests are Phishing attempts.